COBIT/Sarbanes-Oxley Security Policy Solutions

Organizations can save thousands of dollars and hundreds of man-hours using our publications to help comply with Sarbanes-Oxley or other corporate governance laws. Organizations adopting the COBIT™ framework for internal audit and control can use our library of pre-written information security policies and job descriptions to build, document and maintain a culture of IT governance.

Control activities are the policies, procedures and practices that are put into place to ensure that business objectives are achieved and risk mitigation strategies are carried out. Control activities are developed to specifically address each control objective to mitigate the risks identified. – IT Control Objectives for Sarbanes-Oxley, ISACA

Information Security Policy Library

Information security policies are the documented control objectives that form the foundation of IT governance. Information Security Policies Made Easy provides a complete set of security policies that cover each of the COBIT control areas. Organizations can save time and money by customizing our library of over 1500 pre-written information security policies.

Define and Document Security Roles and Responsibilities

According to the PCAOB Auditing Standard, effective governance requires information security roles and responsibilities to be defined and documented. Information Security Roles and Responsibilities Made Easy provides expert guidance and pre-written templates that can save your organization hundreds of hours of effort in developing your information security organization.

As both the COBIT and COSO frameworks define a proper control environment, both written information security policies and documented roles and responsibilities are critical to success. Policies and procedures with no defined security roles guarantee non-compliance. Security personnel without clear responsibilities and a tie to the overall compliance organization will be ineffective.

The following specific sections (marked with a **) of the COBIT Framework are addressed by specific controls in Information Shield publications:

Our publications provide the security thread that runs through the various controls requirements of COBIT. For example, in Install and Accredit Systems, ISPME provides detailed policies and standards for defining a secure baseline for new systems. ISRRME provides detailed job requirements for security personnel who are responsible for installing and accrediting systems.

For more information on using Information Shield solutions for your compliance efforts, please contact us.